Mobile Crypto Device 




The Mobile Crypto Device provides Secure Data & 
Application Mobility by providing secure storage, 
access and transport for your sensitive files on a small, 
easy-to-use USB memory device. It also provides 
secure, remote access to your server applications. 




Secure Storage 

On device software cryptography for encryption 

On device storage and transport for both 
encrypted and unencrypted data 

On device certificates for authentication to the 
Public Key Infrastructure 

On device passwords for easy retrieval and use 

On device key storage for security and ease of use 

File scan to minimize security risks from 
temporary files left by applications. 



Application & Data Mobility 

Encrypted file transport & Email storage 

Email verification with signature 

Windows terminal services for remote access to 
server applications 
Information Security Systems Division (ISSD) 
7480 Candlewood Road • Hanover, MD • 21076 
Phone: (410) 694-4900 • www.titanissd.com 



Accountability 

• Web access control based on user needs 

• LAN access control for differing access levels 

• Logging to support traceability and records for 
tracking 

• Audit logging for monitoring user actions 



Authentication 

Consumer Authentication server for authentication 
in non-PKI environments 

LDAP server for directory services 



Enterprise Services & Interoperability 

• Certificate issuance and revocation 

• Centralized key recovery for lost or stolen keys 

• File recovery for files on lost USB device 

• Automated data back-up on a central server 



TITAN ISSD provides a full range of 
products and services to support your 
secure communication needs. 

Titan Proprietary 
Figure: User Remote PC, USB Memory Device, Management Tablet (diagram labels) 



Secure storage, transport and use of sensitive data is critical 
in the Government's fight against terrorism and the Titan 
Mobile Crypto Device provides a cost effective solution. 
Technical Specifications 

- 256 MB storage 

- Supports Windows 2000 and 
Windows XP 

- AES 128 bit Encryption 

- Microsoft Windows Terminal 
Services 

- Onboard Sync Application & 
Terminal Applications installed 

- No pre-installed software 

Server Requirements 

- Windows 2000 Professional 

- SOAP 

- OpenSSL 

- OpenLDAP 

Future Capabilities 

- Key Recovery 

- Secure backup & recovery 

- Secure Collaboration 

- Virus Security Scanning 

- Biometric authentication 

- Authentication with the 
"Secure ID" Card 

- Configure system security 
policy 

- Encrypted Email 



Mobile Crypto Device (MCD) Data Flow Diagrams 

The Mobile Crypto Device is designed for the secured management and replication of 
files, applications, and other user data. The device is based around a removable memory 
device that is used on an end user computer for file and data storage. The device is pre- 
installed with management software to secure (encrypt) and replicate/synchronize these 
files with a remote server. 
Scenario 1: Memory Device Issuing 



The process of issuing a memory device to an end user initializes the device and installs 
applications according to the enterprise's configuration and requirements. This 
installation is processed by a management station, which in turn communicates with a 
centralized server. 




Figure 1. MCD Issuing Data Flow 

Step 1: Memory Device inserted into management station 

The management station will read the current state of the Memory Device, and if 
it is a clean device will prepare to install and configure for a new user. 

Step 2: Device issue request is sent to central server 

The management station will enter details to identify the user who is receiving the 
Memory Device and will send this information to the central server. This ensures 
that all users are centrally managed and that each device can be individually 
detailed. 

Step 3: User details are read from the central directory/database 



The information for the specified user is read from the centralized database. This 
information is used to generate appropriate keys/certificates for the user, or to 
identify an error in the event that the user is unknown or has a pre-existing key. 

Step 4: Given a valid request, the new user details are written to the centralized database 

If the request is processed correctly, the new key/certificate and issuing details are 
written to the centralized directory/database. 

Step 5: A response is returned to the management station 

A successful request or error response is returned to the management station. If 
the request was successful, appropriate key information is returned for storage on 
the memory device. If the request failed, error message details are returned. 

Step 6: Device initialization 

For a valid request, the memory device is now initialized. The memory is cleared 
and software is installed for data management and synchronization. The user's 
details, configuration settings, and keys/certificates are written to the device, and 
an initial encryption of these details occurs. 

Step 7: User issuing 

The device is now physically issued to the end user. 
Scenario 2: Memory Device Synchronization 



As the user works with data on the MCD, they will synchronize with the central server at 
periodic intervals to ensure that all data is appropriately backed up and safe. This 
synchronization process occurs over a secured connection, and will synchronize all 
sensitive and encrypted data. 
Figure 2. MCD Synchronization Data Flow 

Step 1: User reads current file information from MCD 

The user selects the option to synchronize files on the MCD. This will cause the 
MCD application to read in information on all encrypted and sensitive files from 
the MCD. 

Step 2: User sends file information in a request to the central server 

The MCD application will authenticate to the repository and send current file 
information to the central server as a synchronization request. 

Step 3: Server reads current file state from data repository 
The central server will retrieve details on the last known state of the user's files 
that are stored in the repository. This information is then matched up with the 
user-sent information to determine which files have changed and need to be 
updated on the central server. 

Step 4: Server sends file state to user workstation 

As the response to the initial request, the server sends a list of the files that must 
be sent to the server in order to fully synchronize the device. 

Step 5: User sends updated files from MCD to central server 

The user then sends all files detailed in the response directly from the MCD to the 
central server. 

Step 6: Server writes updated file to data repository 

The server writes all new/changed files to the data repository. If a file was changed, 
the old file is retained according to corporate data retention policies. 

Step 7: Central server returns results to user 

After all files have been correctly synchronized, the server returns these details to 
the user. 

Step 8: User updates file information on MCD 

The MCD application will then update the local MCD to track last 
synchronization details. 
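The synchronization exchange above (Steps 1 through 8), modelled as an added Python example that is not part of the original document: the device sends a manifest of file fingerprints, the server compares it with the last known state and returns the upload list, stores the changed files while retaining the superseded versions, and the device records the confirmed state. The token check, SHA-256 fingerprints and the in-memory repository are assumptions standing in for the authenticated secured connection and the data repository the document describes.

```python
import hashlib

def fingerprint(data: bytes) -> str:
    """Hash of a file as held on the MCD (encrypted bytes on a real device)."""
    return hashlib.sha256(data).hexdigest()

class CentralServer:
    """Repository: last known file state plus retained superseded versions."""
    def __init__(self, tokens):
        self.tokens = dict(tokens)  # constructed credentials: user -> token (Step 2)
        self.current = {}           # user -> {name: (fingerprint, data)}
        self.retained = {}          # user -> [(name, fingerprint, data)] old versions

    def _authenticate(self, user, token):
        if self.tokens.get(user) != token:
            raise PermissionError("authentication failed")

    def sync_request(self, user, token, manifest):
        """Steps 3-4: names whose fingerprint is unknown or differs (upload list)."""
        self._authenticate(user, token)
        known = self.current.setdefault(user, {})
        return sorted(n for n, fp in manifest.items()
                      if n not in known or known[n][0] != fp)

    def upload(self, user, token, files):
        """Steps 6-7: store new/changed files, retain old versions, report results."""
        self._authenticate(user, token)
        known = self.current.setdefault(user, {})
        accepted = {}
        for name, data in files.items():
            if name in known:  # changed file: keep the old version per retention policy
                self.retained.setdefault(user, []).append((name,) + known[name])
            known[name] = (fingerprint(data), data)
            accepted[name] = known[name][0]
        return accepted

class MCDClient:
    """Device side: the MCD application driving one synchronization round."""
    def __init__(self, user, token, files):
        self.user, self.token = user, token
        self.files = dict(files)  # name -> bytes stored on the device
        self.last_sync = {}       # Step 8: name -> fingerprint confirmed by the server

    def synchronize(self, server):
        manifest = {n: fingerprint(d) for n, d in self.files.items()}  # Step 1
        needed = server.sync_request(self.user, self.token, manifest)   # Steps 2-4
        accepted = server.upload(self.user, self.token, {n: self.files[n] for n in needed})  # 5-7
        self.last_sync.update(accepted)                                 # Step 8
        return needed
```

A second round with unchanged files yields an empty upload list, and a changed file leaves its previous version in the retained list rather than overwriting it.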
Scenario 3: Memory Device Application Access 




Figure 3. MCD Application Access (diagram label: Terminal Server) 



Step 1: User runs application access application from MCD 

The user selects the remote application access function from the MCD. Reading 
any necessary keys/certificates from the MCD, the application executes. 

Step 2: Application access application connects to corporate terminal server 

The application will establish a secured connection with the corporate terminal 
server, passing any keys/certificates, and allowing the user to enter any other 
necessary authentication credentials. 
Step 3: Terminal server establishes authenticated and secure connection 



Upon a valid authentication, the terminal server will establish a fully connected 
session and allow the user to start executing applications as necessary. 



IR&D Provisional Patent Application - MCD 
Statement - MCD Overview 

The Mobile Crypto Device (MCD) provides three main secure capabilities. The first is 
"Mobile Device-based Secured Data Synchronization and Exchange", which is the 
secured synchronization process between the MCD and the repository server. The 
second is "Mobile Device-based Application Access Capability", which is the act of 
accessing a remote software application (terminal server, for example) through software 
wholly contained on the MCD device. The third capability is "Mobile Device-based 
Security Auditing Capability", which encompasses the security features of the MCD 
including local vulnerability scanning, system state assessment, and other features. 

1. Common Claims for each capability 

1. A secure data management and remote application access device based on custom 
software comprising: a removable media device that holds applications, 
configuration information, and user data; a data management application that 
provides for file encryption and decryption; a data management application that 
allows for remote storage of user data; a data management application that allows 
for remote synchronization of user data; a data management application that is 
integrated into corporate or commercial security solutions; a data management 
application that is integrated into corporate or commercial Public Key 
Infrastructures (PKI); a data management application that is integrated into 
corporate and/or commercial directories; a data management application that 
provides for data encryption to multiple recipients; a data management application 
that validates that host computers have removed traces of user data from the 
system; an application access application that provides pre-configured remote 
application access executing from a removable memory device; a security 
application based on a removable memory device that will verify a host 
computing device is free of virus activity; a security application based on a 
removable memory device that will verify a host computing device is free of user 
monitoring software; a security application based on a removable memory device 
that will summarize host computing device security state easily for a user; a 
security application based on a removable memory device that will verify that all 
user data has been removed from a host computing device. 

2. A removable memory device according to claim 1, such as a static memory device 
with a built-in USB interface, wherein custom software is contained in, and 
executed by, a host computing device. 

2. Mobile Device-based Secured Data Synchronization and 
Exchange Capability 
1. A secured data management application according to claim 1, that provides a user 
interface to encrypt, decrypt, and manage data on behalf of a user. 

2. A secured data management application according to claim 1 that enables user 
data and information to be securely stored on a remote server, after a successful 
user authentication process. 

3. A secured data management application according to claim 1 that enables user 
data and information to be securely synchronized with previous user data on a 
remote server, after a successful user authentication process. 

4. A secured data management application according to claim 1 that verifies that all 
user sensitive data that has been stored as temporary files have been removed 
from a host computing device. 

5. A secured data management application according to claim 1 that is integrated 
into corporate security infrastructures and PKI systems to utilize corporate or 
commercially issued Keys and Certificates to encrypt and decrypt user data. 

6. A secured data management application according to claim 1 that provides an 
inherent ability to search corporate and/or commercial directories, automatically 
retrieve encryption information about the user, such as public keys, and using this 
information to encrypt information for one or more destination users. 

3. Mobile Device-based Application Access Capability 

1. A remote application access application according to claim 1 that is pre-configured 
and installed on the removable memory device and provides a user 
remote access to software applications and desktop environments located on other 
systems, including corporate or other commercial systems. 

4. Mobile Device-based Security Auditing Capability 

1. A security application according to claim 1 that will operate by executing via the 
removable memory device and will scan and verify that a host computing device 
is free of virus activity. 

2. A security application according to claim 1 that will operate by executing via the 
removable memory device and will scan and verify that a host computing device 
is free of user monitoring, keystroke logging, and other invasive activity. 

3. A security application according to claim 1 that will operate by executing via the 
removable memory device and scan various aspects of a host computer and use 
this information to generate an easily understandable report on the state of the 
host system security. This security summary may be used to restrict the activities 
of the user on the host to ensure that sensitive information is not exposed on an 
insecure or un-trusted host computer. 
Method Claim: 



There are three ways the Mobile Crypto Device can be fielded and deployed. 



1. Initially, Titan will want to simplify the deployment of the product and its 
supporting infrastructure to encourage trials and tests and simplify adoption. In this 
case, Titan will provide a hosted service. The enterprise would simply have a 
management application to create/manage accounts, and all server and 
storage infrastructure would be maintained by a central, off-site entity. This could 
be provided on a user-by-user basis in order to get potential clients using the 
software quickly in a trial mode with little start-up effort. 

2. The next method of deployment would be to use an appliance configuration. A 
computer would be pre-configured with an operating system and Titan server software 
and could be installed onto a corporate network. With this approach, local (client) 
IT staff would have very little work to do and the capability could be up and 
running very quickly, even in a small company. If required, Titan could provide 
the necessary professional IT services. 

3. Ultimately, Titan envisions an enterprise version of the product that ties into 
corporate certificate infrastructures and directories. This method would apply to 
larger entities with knowledgeable IT staffs. 